[Preston] Secure Auth & Connections with Apache

[Matthew T. Atkinson]

'ellow,

I have recently been trying to come up with some better security than
plain text HTTP authentication and no session encryption.  I am running
Apache 1.3 but am will be moving to 2.0 when Debian Sarge is out (as it
is a prerequisite for ``Subversion'').

I would like to have secure password authentication (like ssh; no
certificates if possible) and encrypted sessions (maybe using ssl).  I
have looked into mod_ssl but have struggled with the docs and setting it
up.  I can't even find a tutorial on how to make certificates (have
looked in the Debian READMEs and the mod_ssl web site).  Even if I
manage to set it up and make my own certificates, I know that some of my
users will be put off by the ``Do you want to accept the certificate for
this site?'' box in their web browsers.

I am therefore thinking that mod_ssl may be overkill.  All I really want
is something like ssh - secure password auth and encrypted sessions with
no bells and whistles or certificates to complicate things.

Is there anything simpler than mod_ssl that works with either Apache 1
or 2?  Any advice would be greatly appreciated.

bye just now,


-- 
Matthew T. Atkinson <matthew at agrip.org.uk>